OCEB2BI 06 Process Quality and Governance Frameworks

• SOX: http://www.sox-online.com/sarbanes-oxley-basics/
• COBIT 5: An Introduction
  http://www.isaca.org/COBIT/Documents/COBIT5-Introduction.ppt
• An Introductory Overview of ITIL® 2011, https://www.best-management-practice.com/gempdf/itSMF_An_Introductory_Overview_of_ITIL_V3.pdf
• Business Process Maturity Model Specification, V1.0
• Craig Gygi et al, Six Sigma for Dummies, Second Edition, Wiley, 2012
• Philip Schume, IBM: BPM and Lean -- a powerful combination for process improvement,
  http://www.ibm.com/developerworks/bpm/bpmjournal
  /1308_col_schume/1308_schume.html

by http://www.sox-online.com/sarbanes-oxley-basics/

• SOX stands for Senator Paul Sarbanes and Representative Michael Oxley, who drafted the Sarbanes-Oxley Act of 2002.
• To protect investors by improving the accuracy and reliability of corporate disclosures.
• The Sarbanes-Oxley Act created new standards for corporate accountability as well as new penalties for acts of wrongdoing.
• It changes how corporate boards and executives must interact with each other and with corporate auditors.
• It removes the defense of "I wasn't aware of financial issues" from CEOs and CFOs

• Section 201 outlines Prohibited Auditor Activities.
• Section 302 describes the CEO's and CFO's new responsibilities regarding corporate reports.
• Section 404 addresses the Management Assessment of Internal Controls.
• Section 409 outlines Real Time Disclosure.
• Section 802 describes criminal penalties for altering documents.
• Section 806 describes whistle blower protection.
• Section 807 describes criminal penalties for fraud.

based on http://www.isaca.org/COBIT/Documents/COBIT5-Introduction.ppt © 2012 ISACA

• Control Objectives for Information and Related Technology
• COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.
• COBIT 5 enables information and related technology to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.
• COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.

Source:  COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.	Principle 1. Enterprises exist to create value for their stakeholders.
	Principle 2. COBIT 5 does not focus only on the ‘IT function’, addresses the governance and management of information from an enterprise wide, end-to-end perspective
	Principle 3. COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises.
	Principle 4. Systemic governance and management through interconnected enablers: Processes, Organisational structures, Principles, Policies and Frameworks, ...
	Principle 5. The COBIT 5 framework makes a clear distinction between governance and management.

• Enterprises of all sizes, whether commercial, not-for-profit or in the public sector, can benefit from COBIT 5.

based on An Introductory Overview of ITIL® 2011

• ITIL (IT Infrastructure Library) provides a framework of Best Practice guidance for IT Service Management.
• It provides a framework for the governance of IT, the ‘service wrap’, and focuses on the continual measurement and improvement of the quality of IT service delivered, from both a business and a customer perspective.

• A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks.
• Service management: A set of specialized organizational capabilities for providing value to customers in the form of services.

• Process owner
  Accountable for ensuring that a process is fit for purpose, i.e. that it is capable of meeting its objectives; that it is performed according to the agreed and documented standard; and that it meets the aims of the process definition
• Process manager
  Accountable for operational management of a process. There may be several process managers for one process and the process manager role is often assigned to the same person carrying out the process owner role
• Process practitioner
  Responsible for carrying out one or more process activities. The process practitioner role may be combined with the process manager role, if appropriate
• Service owner
  Responsible to the customer for the initiation, transition, and ongoing maintenance and support of a particular service; and accountable to the IT director or service management director for the delivery of a specific IT service.

• Strategic thinking aims to define a plan that, using a clear set of principles, will provide a solution to a business problem in a particular situation.
• It is focused on the value to the customer and identifies strategic assets that will be used for competitive advantage.
• IT strategy manager formulates and communicates the IT strategy and ensures elements are in place for successful execution.

• Perspective The distinctive vision and direction
• Position The basis on which the provider will compete
• Plan How the provider will achieve its vision
• Pattern The fundamental way of doing things – distinctive patterns in decisions and actions over time.

This is defined in terms of the customers’ perceived business outcomes and described in terms of the combination of two components:

• Service utility
  What the customer gets in terms of outcomes supported and/or constraints removed
• Service warranty
  How the service is delivered and its fitness for use, in terms of availability, capacity, continuity and security.

Service value also includes the associated concepts of services as assets, value networks, value creation and value capture.

based on Business Process Maturity Model Specification, V1.0

• BPMM is divided into five maturity levels that represent different states through which an organization is transformed as its processes and capability are improved.

• Maturity levels 2-5 are composed of process areas that collectively enable the capability to be achieved at that level.
• Each process area is designed to achieve specific goals in creating, supporting, or sustaining the organizational state characteristic of the level.

• Organizational Process Leadership deals with establishing the executive sponsorship and the management accountability for the performance of the organization’s process improvement activities.
• Organizational Business Governance deals with establishing executive accountability for the management and performance of the organization’s work and results.
• Work Unit Requirements Management deals with establishing and maintaining the documented and agreed-to requirements for the work that a work unit performs.
• Work Unit Planning and Commitment deals with establishing and maintaining the plans and commitments for performing and managing the work required of a work unit.
• Work Unit Monitoring and Control deals with regularly monitoring and adjusting the work assignments, resources, and other work factors.

• Work Unit Performance deals with having the individuals and workgroups within the work unit perform their assigned activities and produce the agreed-to results.
• Work Unit Change Management deals with managing and controlling the content and changes to product releases that are deployed.
• Sourcing Management deals with managing the acquisition of products and services from suppliers external to the organization.
• Process and Product Assurance deals with providing appropriate conformance guidance and objectively reviewing the activities and work products.

• Maturity Levels from 2 to 5 are defined
• Conformance Points: an organization may conform to this specification at a Maturity Level of 2 or higher
• Conformance defined cumulatively by reference to Goals realized: A compliant organization at a given Maturity Level shall realize all Goals specified for Maturity Levels up to and including the given Level
• Goal realization: an organization realizes a Goal if and only if the organization has implemented practices which, in combined effect, achieve that Goal

• by Craig Gygi et al, Six Sigma for Dummies, Second Edition, Wiley, 2012
• Six Sigma cheat sheet: http://www.dummies.com/how-to/content/six-sigma-for-dummies-cheat-sheet.html

Six Sigma is a problem-solving methodology that helps improve business and organizational operations.

The Six Sigma scale shows how well a vital feature performs compared to its requirements. The higher the sigma score, the more efficient the feature is.

Sigma Level	Defects per Million Opportunities (DPMO)	Percent Defects (%)	Percent Success
1	691,462	69	31
2	308,538	31	69
3	66,807	6.7	93.3
4	6,210	0.62	99.38
5	233	0.023	99.977
6	3.4	0.00034	99.99966

Six Sigma is based on a handful of basic principles, and these principles create the entire Six Sigma arrangement. Here are Six Sigma’s fundamental principles:

• All outcomes and results are determined by inputs with some degree of uncertainty.
• To change or improve results, you have to focus on the inputs, modify them, and control them.
• Variation is everywhere, and it degrades consistent, good performance. Your job is to find it and minimize it!
• Valid measurements and data are required foundations for consistent, breakthrough improvement.
• Only a critical few inputs have significant effect on the output. Concentrate on the critical few.
• Every decision and conclusion has risk, which must be weighed against the context of the decision.

• The DMAIC (Define-Measure-Analyze-Improve-Control) project method is a formalized problem-solving process of Six Sigma.
• It’s made-up of five steps to apply to any procedure of a business to improve effectiveness.

1. Define: Set the context and objectives for your improvement project.
2. Measure: Determine the baseline performance and capability of the process or system you’re improving.
3. Analyze: Use data and tools to understand the cause-and-effect relationships in your process or system.
4. Improve: Develop the modifications that lead to a validated improvement in your process or system.
5. Control: Establish plans and procedures to ensure that your improvements are sustained.

• Poka-yoke (ポカヨケ) [poka yoke] is a Japanese term that means "mistake-proofing"
• A poka-yoke is any mechanism in manufacturing process that helps an equipment operator avoid mistakes.
• Its purpose is to eliminate product defects by preventing, correcting, or drawing attention to human errors as they occur

• based on BPM and Lean -- a powerful combination for process improvement (White paper)
• http://leanblitzconsulting.com/2013/01/what-is-lean-six-sigma-kaizen/

• Lean thinking focuses on value for the customer by eliminating waste in an end-to-end process.
• It establishes flow and implements a "one-piece" pull system.
• It strives to achieve perfection through continuous improvement.

Philipp Schume, BPM Voices: BPM and Lean -- a powerful combination for process improvement

• Lean provides excellent methods for process improvement, it is unable to easily provide visibility into a process and quantify the extent of the improvement.
• The lack of adequate measurements, missing targets, and key performance indicators (KPIs) are some of the biggest challenges during the Future State (To-Be) testing and implementation in many process improvement projects.

• When a business process is analyzed using the Lean methodology, all process activities are classified into value-adding (VA) and non-value adding (NVA) activities.
• Typically, more than 50% of activities are non-value adding, or activities the customer is unwilling to pay for.
• These NVAs are further analyzed and summarized into the seven waste categories to assist the project team in finding a Lean solution for the future process.

• What is SOX?
• What is COBIT?
• What is ITIL?
• What is BMM Maturity Level?
• What is Six Sigma?
• What is Poka Yoke?
• What does TIMWOOD stand for?